Encrypt XML with X509 certificate

I encrypt an XML document with an X509 certificate; I use this example: http://msdn.microsoft.com/en-us/library/ms229744.aspx
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
</X509Certificate>
</X509Data>
</KeyInfo>
<CipherData>
<CipherValue>
</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>
</CipherValue>
</CipherData>
</EncryptedData>
The encrypted XML contains the element <X509Certificate>; I don't know what kind of cert info is in this element. Does <X509Certificate> hold the public key, the private key, or what certificate info?
Because if I want to decrypt, I use:
// Create a new EncryptedXml object.
EncryptedXml exml = new EncryptedXml(Doc);
// Decrypt the XML document.
exml.DecryptDocument();
I don't have to specify an X509 certificate to decrypt the XML file. How does the DecryptDocument() method work?

I wonder if the problem here is that <X509Data><X509Certificate> ... </X509Certificate></X509Data> includes a binary copy of the certificate WITHOUT the private key. (It wouldn't make any sense to include the private key...anyone could decode it.) The Decrypt method is looking at the enclosed certificate and not finding a private key.
I think somehow Encrypt has to create an X509ThumbprintKeyIdentifierClause instead, but I haven't figured out how yet.
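
The question above (what <X509Certificate> holds, and what decryption actually needs) can be checked directly. The following C# program is an added example, not code from the thread or from the MSDN sample; the certificate subject, the sample XML and the class name are constructed, and it assumes .NET with the System.Security.Cryptography.Xml package.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class XmlEncCertDemo
{
    static void Main()
    {
        // Constructed, in-memory self-signed certificate standing in for the real one.
        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest(
            "CN=xmlenc-demo", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 certWithKey = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        // What a sender holds: the certificate exported WITHOUT its private key.
        // (On .NET 9+ this constructor warns; X509CertificateLoader.LoadCertificate replaces it.)
        using var publicOnly = new X509Certificate2(certWithKey.Export(X509ContentType.Cert));

        var doc = new XmlDocument();
        doc.LoadXml("<order><creditcard><number>constructed-sample</number></creditcard></order>");
        var target = (XmlElement)doc.GetElementsByTagName("creditcard")[0];

        // Same call as the MSDN how-to: a random AES-256 session key encrypts the
        // element and the certificate's RSA public key wraps that session key.
        EncryptedData encrypted = new EncryptedXml().Encrypt(target, publicOnly);
        EncryptedXml.ReplaceElement(target, encrypted, false);

        // 1. <X509Certificate> is the base64 DER certificate: subject, issuer,
        //    validity and public key. No private key travels in the document.
        XmlNode certNode = doc.GetElementsByTagName(
            "X509Certificate", SignedXml.XmlDsigNamespaceUrl)[0];
        using var embedded = new X509Certificate2(Convert.FromBase64String(certNode.InnerText));
        Console.WriteLine($"Embedded subject: {embedded.Subject}");
        Console.WriteLine($"Embedded cert has private key: {embedded.HasPrivateKey}");
        if (embedded.HasPrivateKey)
            throw new InvalidOperationException("Private key must never be embedded.");

        // 2. Decrypt by hand: the recipient's private key unwraps the session key
        //    from <EncryptedKey>, then the session key decrypts the outer <CipherValue>.
        var edElement = (XmlElement)doc.GetElementsByTagName(
            "EncryptedData", EncryptedXml.XmlEncNamespaceUrl)[0];
        var edata = new EncryptedData();
        edata.LoadXml(edElement);

        EncryptedKey wrappedKey =
            edata.KeyInfo.OfType<KeyInfoEncryptedKey>().Single().EncryptedKey;
        bool useOaep =
            wrappedKey.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl;

        using RSA privateKey = certWithKey.GetRSAPrivateKey();
        byte[] sessionKey = EncryptedXml.DecryptKey(
            wrappedKey.CipherData.CipherValue, privateKey, useOaep);

        using Aes aes = Aes.Create();
        aes.Key = sessionKey;
        var exml = new EncryptedXml(doc);
        exml.ReplaceData(edElement, exml.DecryptData(edata, aes));

        // The original element is back in place of <EncryptedData>.
        if (doc.GetElementsByTagName("number")[0].InnerText != "constructed-sample")
            throw new InvalidOperationException("Round trip failed.");
        Console.WriteLine(doc.OuterXml);
    }
}
```

DecryptDocument() performs step 2 itself: it uses the embedded certificate only as an identifier and looks in the "My" certificate store of the current user or local machine for the matching certificate with an accessible private key, which is why the MSDN sample passes no certificate and why decryption fails on a machine where only the public certificate is installed. The Encrypt(XmlElement, X509Certificate2) overload wraps the session key with rsa-1_5 as shown in the question's XML; EncryptedXml.EncryptKey with useOAEP set to true produces RSA-OAEP key transport instead.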

Similar Messages

  • Invoking secure services inside bpel with x509 certificate and weblogic

    Hi, everyone. Here we have a problem with invoking secure webservices (*client authentication*) from a bpel deployed in weblogic that is consuming so much time (more than a week) and don't know what else to try.
    The scenario: we have a bpel process which invokes a series of web services without any security mechanisms. Now, we have to change it to invoke a series of webservices that do exactly the same, but using ssl and client authentication with x509 certificates. The first part of it, the ssl one, is done without any problems. But the second part is not working at all, and we (I) are running out of ideas how to configure it in weblogic.
    The situation: I want to invoke a webservice, say, Service1. It requires client authentication, so I should pass a certificate (*which I already have*). I put that certificate inside a keystore (with keytool -importkeystore, from p12 to jks). With SoapUI I have no problem now to invoke the service now. But, I'm not sure what should I do to make it work in weblogic; after all, the provider keeps answering with a HTTP 403 Forbidden error.
    The actions: inside the weblogic's enterprise manager, in SOA deployments (SOA / soa-infra / default ) I selected my composite, and in the Dashboard (down at Services and references), clicked the particular service (Service1). Then, it took me to another page where I can see statistics about that service, and a tab named Policies. There (in Policies) I have the chance to attach a policy, but I don't know which one is the appropriate; I guess it should be WSS11_x509_token_with_message_protection_service_policy, which in turn asks me to provide a value for keystore.recipient.alias, keystore.sig.csf.key and keystore.enc.csf.key. For these keys, I provide values that I configured in Credentials (Weblogic Domain / Security / Credentials, subtree oracle.wsm.security). My own logic tells me that what I have done is what I should have done, but still no luck :(
    I am sure the keystore is ok (if I rename the keystore file it tells me that the keystore file cannot be found, and if I specify an alias which is not inside the keystore it tells me that the alias is not found and list me valid aliases). I guess I am missing something, somewhere, but after many hours (days, almost 2 weeks) googling, still cannot make it work.
    Any ideas would be appreciated. If anyone knows about a post or article about this, it would be appreciated too, but I can tell it is not that I just googled for 25 minutes, but I have spent more than a week googling, trying, analyzing and reading formal documentation, with no results.
    Thanks in advance!

    Try to enable SSL and WS debugging on your WLS. Add the following to your startup script:
    -Dweblogic.webservice.verbose=true
    -Dssl.debug=true
    ..then you might be able to spot if the rejection is based on some handshake problem.

  • Test Web Services with X509 Certificate

    Hello,
    We'd like to perform a test of our web services with an X509 Certificate.  I have been using SOAPSonar to do my test up to this point.  But the version I have will not allow me to test with a certificate.  It appears I will need to purchase the software upgrade in order to test with a certificate. 
    Must I use this software or is there another method/software I can use to do this testing?
    Can Altova's XMLSpy test with a X509 certificate?
    Thanks,
    Matt

    Neetesh,
    It looks like SOAPUI will work.  I am currently looking into it. 
    Ravi - I'm not sure what software these steps are referring to?  Is that for XMLSpy?
    Thanks,
    Matt
    Edited by: Matthew Herbert on Dec 2, 2009 8:56 PM

  • Encrypt pdf with trusted certificates on acrobat pro xi

    Hi all,
    I'm supporting a user who used to encrypt documents with trusted identities (*.fdf) on Acrobat X.
    Now on Acrobat XI, when trying to encrypt a document, he can't use trusted identities. It seems like Acrobat XI only allows encryption from a Digital ID (imported from *.pfx)
    Is this correct? Any way we can encrypt on Acrobat XI with trusted identities?
    Thanks.
    Welly

    Hi Welly,
    A digital ID (a P12 or PFX file) consists of three parts; a Public-Key Certificate, the public key, and the private key. The Public-Key Certificate (PKC) is the textual portion that you see in a certificate viewer and contains stuff like the user's name (aka the Subject), the issuer's name, validity dates, serial number, etc. The two keys (public and private) have a symbiotic relationship where what one key locks (encrypts) only the corresponding other key can unlock (decrypt). Either key can be used to lock (encrypt) data, but whichever is used the data has to be unlocked (decrypted) using the other key.
    If the file doesn't contain the private key, but just has the PKC and the public key then that is known as a certificate file. Certificate files can be shared with the world, whereas a digital ID file is only for use by one person. A certificate file can be viewed by anyone, but a digital ID file is either password or PIN protected.
    That said, when it comes to encrypting a PDF file using Certificate Security the file is encrypted using one or more certificate files, and only the certificate file is used. However, during the encryption process Acrobat asks the user to select one of their own digital IDs to use in order to keep from locking them out of the file. In reality Acrobat only wants access to the public-key portion of the file for the encryption process, but it asks the user to select their digital ID to start. You can elect not to use your own digital ID and skip to the portion where you select the public key certificate of the recipients, and if you know to do so you can select your own, but when it comes time to get back into the file you have to have the private key to decrypt the file and that means you have to have access to the digital ID file. It doesn't make a lot of sense that you would encrypt the file for yourself and not already have the digital ID loaded.
    As far as certificate files go, they can be shared in either the FDF format, the CER file format, or the P7B file format. The format of the file is just the transport mechanism to distribute the public key.
    Steve

  • Authentication with x509 Certificates.

    Hi All,
    Is it possible to authenticate an APEX application without a username/password but via the browser having an x509 certificate ?
    Can this be done? If so, does anyone have any ideas on how it can be done?
    Regards,
    Sunny.

  • Adobe open encrypted PDF with expired certificate

    Hi,
    I encrypt and sign documents with certificates. To do this I use a script and the little program "jsignpdf". The certificates are stored in the Windows certificate store on the client. This works fine!
    The problem is that Adobe Reader (10/11) opens the encrypted PDF even when the certificate is expired. I don't find any option to change that.
    Has anybody an idea to solve my problem?
    The clients have Windows Vista and Adobe Reader 10. But Adobe Reader 11 has the same problem.
    Thanks
    Steven

    If you are signing with Acrobat, you have the choice of whether to include revocation information. See Establish long-term signature validation in http://helpx.adobe.com/acrobat/using/validating-digital-signatures.html.

  • Use Sign.xml and Encrypt.xml for both request AND response within WSDL?

    Hi,
    ALSB: 2.6
    I was wondering if it's possible to use abstract out of the box WS-Policy file within WSDL file to specify encryption
    (Encrypt.xml) and digital signature(Sign.xml) with X509 for both request and response???
    So far, it only works for either request or response BUT not both. i.e. within WSDL file
    <!-- following WSDL works for encrypting and signing request with X509 in test console -->
    .....
    <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
      <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
      <wsdl:operation name="Message">
        <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
        <wsdl:input>
          <!-- WS-Policy file applied here -->
          <wsp:Policy>
            <wsp:PolicyReference URI="policy:Sign.xml"/>
            <wsp:PolicyReference URI="policy:Encrypt.xml"/>
          </wsp:Policy>
          <soap:body use="literal" />
        </wsdl:input>
        <wsdl:output>
          <soap:body use="literal" />
        </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>
    Or
    <!-- following WSDL works for encrypting and signing response with X509 in test console -->
    <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
      <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
      <wsdl:operation name="Message">
        <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
        <wsdl:input>
          <soap:body use="literal" />
        </wsdl:input>
        <wsdl:output>
          <!-- WS-Policy file applied here -->
          <wsp:Policy>
            <wsp:PolicyReference URI="policy:Sign.xml"/>
            <wsp:PolicyReference URI="policy:Encrypt.xml"/>
          </wsp:Policy>
          <soap:body use="literal" />
        </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>
    But not both
    <!-- following WSDL doesn't work for encrypting and signing both response and request with X509 in test console -->
    <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
      <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
      <wsdl:operation name="Message">
        <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
        <wsdl:input>
          <!-- WS-Policy file applied here -->
          <wsp:Policy>
            <wsp:PolicyReference URI="policy:Sign.xml"/>
            <wsp:PolicyReference URI="policy:Encrypt.xml"/>
          </wsp:Policy>
          <soap:body use="literal" />
        </wsdl:input>
        <wsdl:output>
          <!-- WS-Policy file applied here -->
          <wsp:Policy>
            <wsp:PolicyReference URI="policy:Sign.xml"/>
            <wsp:PolicyReference URI="policy:Encrypt.xml"/>
          </wsp:Policy>
          <soap:body use="literal" />
        </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>
    ...
    Instead, I got an error message like
    <15/01/2008 10:15:04 AM NZDT> <Error> <ALSB Security> <BEA-387023> <An error ocurred during web service security inbound response processing [error-code: Fault
    , message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fdb, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: Message]
    --- Error message:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>
    <faultstring>Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</faultstring></soapenv:Fa
    ult></soapenv:Body></soapenv:Envelope>
    weblogic.xml.crypto.wss.WSSecurityException: Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#
    X509v3
    at weblogic.xml.crypto.wss.SecurityBuilderImpl.addEncryption(SecurityBuilderImpl.java:308)
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processConfidentiality(SecurityPolicyDriver.java:280)
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:75)
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:64)
    at weblogic.wsee.security.WssServerHandler.processOutbound(WssServerHandler.java:86)
    Truncated. see log file for complete stacktrace
    >
    <15/01/2008 10:15:24 AM NZDT> <Error> <com.bea.weblogic.kernel> <000000> <Failed to build CertPath
    java.security.cert.CertPathBuilderException: [Security:090603]The certificate chain is invalid because it could not be completed. The trusted CAs did not inclu
    de CN=x509,OU=x509,O=x509,L=Wellington,ST=Wellington,C=NZ.
    at weblogic.security.providers.pk.WebLogicCertPathProviderRuntimeImpl$JDKCertPathBuilder.engineBuild(WebLogicCertPathProviderRuntimeImpl.java:669)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    at com.bea.common.security.internal.legacy.service.CertPathBuilderImpl$CertPathBuilderProviderImpl.build(CertPathBuilderImpl.java:67)
    at com.bea.common.security.internal.service.CertPathBuilderServiceImpl.build(CertPathBuilderServiceImpl.java:86)
    at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
            Truncated. see log file for complete stacktrace
    >
    <15/01/2008 10:15:24 AM NZDT> <Error> <ALSB Security> <BEA-387022> <An error ocurred during web service security inbound request processing [error-code: Fault,
    message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fd8, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: null]
    --- Error message:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault xmlns:wsse="http://docs.oasis-open.or
    g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurityToken</faultcode><faultstring>Security token failed to validate. weblo
    gic.xml.crypto.wss.SecurityTokenValidateResult@3c5347b[status: false][msg [
      Version: V1
      Subject: CN=x509, OU=x509, O=x509, L=Wellington, ST=Wellington, C=NZ
      Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
      Key:  Sun RSA public key, 1024 bits
      modulus: 13052787793731294943682394984664645854838424340012907077330623....
      The 'System Error Handler' from 'Invocation Trace' in ALSB test console is something like
    $fault:
    <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
         <con:errorCode>BEA-386201</con:errorCode>
         <con:reason>
              A web service security fault
              occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Failed
              to get token for tokenType:
              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3]
         </con:reason>
         <con:details>
              <err:WebServiceSecurityFault
                   xmlns:err="http://www.bea.com/wli/sb/errors">
                   <err:faultcode
                        xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                        soapenv:Server
                   </err:faultcode>
                   <err:faultstring>
                        Failed to get token for tokenType:
                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
                   </err:faultstring>
              </err:WebServiceSecurityFault>
         </con:details>
         <con:location>
              <con:path>response-pipeline</con:path>
         </con:location>
    </con:fault>
    So is this a feature not supported in ALSB 2.6 yet or am I missing something dead simple?
    Thanks in advance
    Sam

    Instead of specifying policies for input and output separately you could place the policy reference only once in the operation element. Maybe this will solve your problem...
    http://e-docs.bea.com/alsb/docs26/security/ws_policy.html#wp1061166

  • X509 certificate

    what would cause the following message? We get it when we start up WL5.1 sp6
    on solaris.
    'java.lang.Exception: Problem with X509 certificate: fingerprint ...'
    Thanks
    Alec

    It was the demo certificates, (ca.pem, ca.der, demokey.pem, etc) they had
    expired.
    "Alec Cove" <[email protected]> wrote in message
    news:[email protected]..
    what would cause the following message? We get it when we start up WL5.1sp6
    on solaris.
    'java.lang.Exception: Problem with X509 certificate: fingerprint ...'
    Thanks
    Alec

  • Sending an encrypted XML to an email adress with specific certificate

    Hi,
    I want to create a form that has a submit button which sends an encrypted xml to an e-mail address.
    In the Encryption Settings of the button I can specify the certificate that should be used (.cer file).
    But when I click on the submit button a window appears to choose the Digital Signature although I already specified it in the Encryption Settings. In addition, if I click 'cancel' or 'OK' there, another window appears and I'm asked to choose the recipient. But I specified both, signature and recipient, in the Settings of the button in Adobe LiveCycle Designer.
    What can I do so that these windows do not appear?
    Thanks

    The problem is that everyone's Outlook is configured to do that. The only reason why this is so is that everyone can send from his internal and external address; here is an example:
    Exchange: [email protected]
    Pop3: [email protected]
    So the only reason why it's configured like that (I don't like this configuration either, but it looked like this when I started to work in my company) is to send from two different senders.
    So is the problem solved if I configure two different profiles, one for normal sending (selected when Outlook starts) and the other if I'd like to send delayed mails?
    Thanks for your kind reply

  • Since the most recent Firefox update 3.6.8 by banking institution no longer shows as having a secure encrypted connection, however, my bank assures me all is well with their certificates and that is a problem with the new Firefox browser update, can you g

    Since the most recent Firefox update 3.6.8 my banking institution no longer shows as having a secure encrypted connection, however, my bank assures me all is well with their certificates and that is a problem with the new Firefox browser update, can you give me some idea why it is doing this?
    == This happened ==
    Every time Firefox opened
    == Right after the new Firefox update

    Hello Anne.
    Can you please try it in a new (temporary) Firefox profile and see if the issue is still present? See [http://support.mozilla.com/en-US/kb/Managing+profiles this article] to know how to create a new Firefox profile. Please report back the results.

  • Problem when decrypting an encrypted xml data with arabic data

    Hi all
    I have a problem decrypting an encrypted XML file. Because my XML file contains UTF-8 characters, this problem occurs. After many processes on the XML data, the following code throws an exception:
    try {
        // Works if the content is a single child element.
        byte[] a = decbit.getBytes("UTF-8");
        ByteArrayInputStream bais2 = new ByteArrayInputStream(a);
        Document decdoc = docBuilder.parse(bais2);
        Node decNode = encDoc.importNode(decdoc.getFirstChild(), true);
        edata.getParentNode().replaceChild(decNode, edata);
    } catch (org.xml.sax.SAXParseException spe) {
        // In case the content is plain text
        // or a group of child elements
        Text decText = encDoc.createTextNode(decbit);
        edata.getParentNode().replaceChild(decText, edata);
    }
    decString = (getString((XmlDocument)encDoc));
    at the line with code "Document decdoc = docBuilder.parse(bais2); " an Exception occurs with message :
    org.xml.sax.SAXParseException: Illegal character at end of document, &#x3c;.
    whereas when I debug the project the field "decbit" contains correct data. Anyway, because of the exception, control moves to the "catch" block and creates a Text Node, but the problem is the replaced data is like this:
    &lt;id root="588588588" extension="" displayable="false" /&gt;&lt;beneficiaryOf typeCode="BEN"&gt;
    &lt;policyOrAccount classCode="COV" moodCode="EVN"&gt;
    &lt;id xsi:type="II" root="855855855" extension="" displayable="false" /&gt;
    &lt;author typeCode="AUT"&gt;
    &lt;carrierRole classCode="UNDWRT"&gt;
    &lt;id root="6548888888" extension="" displayable="false" /&gt;
    &lt;/carrierRole&gt;
    &lt;/author&gt;
    &lt;/policyOrAccount&gt;
    &lt;/beneficiaryOf&gt;
    as you can see, the "<" characters are &lt; and the ">" characters are &gt;
    this really exhausted me, please help me out.
    thank you, any help will be appreciated
    regards
    Mohammad

    Hi Naveen,
    In sxmb_moni the content transmitted to the adapter(RFC)is as follows
    <?xml version="1.0" encoding="UTF-8" ?>
    - <ns:ZRFID_EQUIP xmlns:ns="urn:sap-com:document:sap:rfc:functions">
    - <RECORDS>
    - <item>
      <FLOC>f1-01-01</FLOC>
      <RFID_NO>I006</RFID_NO>
      </item>
    - <item>
      <FLOC>f1-01-02</FLOC>
      <RFID_NO>I002</RFID_NO>
      </item>
    - <item>
      <FLOC>f1-01-03</FLOC>
      <RFID_NO>I003</RFID_NO>
      </item>
    - <item>
      <FLOC>f1-01-04</FLOC>
      <RFID_NO>I004</RFID_NO>
      </item>
    - <item>
      <FLOC>f1-01-05</FLOC>
      <RFID_NO>I005</RFID_NO>
      </item>
    - <item>
      <FLOC>f1-01-06</FLOC>
      <RFID_NO>I001</RFID_NO>
      </item>
      </RECORDS>
      </ns:ZRFID_EQUIP>
    At r/3 side the field floc and rfid_no gets mapped to floc which is of char30
    eg floc=f1-01-01I006
       rfid_no=

  • Encrypt PDF with certificate (alternative to Acrobat?)

    Hi,
    we need to encrypt PDF document with a certificate of our company.
    We already worked with Acrobat's feature to do this, but we need to offer the possibility to encrypt documents to many of our employees.
    But only for this reason we don't want to buy licenses of Acrobat, so do you know alternative software that provides this feature?

  • Problem with creating a third party signed x509 certificate

    Dear all
    I'm working on a PKI project, in which I need to generate a key pair and use it to create a self-signed x509 certificate; it will act as the CA, using its private key to sign all other x509 certificates. I have no problem creating the self-signed cert, but when I try to create another cert using the CA private key, I get the following exception
    Caught exception: java.security.InvalidKeyException: Public key presented not for certificate signature
    I'm using bouncycastle to do the cert generation, here is an example of my code
       Security.addProvider(new BouncyCastleProvider());
       //be sign key pair
       KeyPairGenerator keyGen=KeyPairGenerator.getInstance("DSA");
       keyGen.initialize(1024, new SecureRandom());
       KeyPair keypair=keyGen.generateKeyPair();
       PrivateKey prikey=keypair.getPrivate();
       PublicKey pubkey=keypair.getPublic();
       //ca key pair
       KeyPair cakeypair=keyGen.generateKeyPair();
       PrivateKey caprikey=cakeypair.getPrivate();
       PublicKey capubkey=cakeypair.getPublic();
       Hashtable attrs = new Hashtable();
       attrs.put(X509Principal.CN, "Test");
       //generate cert
       X509V3CertificateGenerator certGen=new X509V3CertificateGenerator();
       certGen.setSerialNumber(BigInteger.valueOf(1));
       certGen.setIssuerDN(new X509Principal(attrs ));
       certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
       certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
       certGen.setSubjectDN(new X509Principal(attrs));
       certGen.setPublicKey(pubkey);
       //certGen.setSignatureAlgorithm("MD5WithDSAEncryption");
       certGen.setSignatureAlgorithm("SHA1withDSA");
       X509Certificate cert=certGen.generateX509Certificate(caprikey);
       cert.checkValidity(new Date());
       cert.verify(pubkey);
       Set dummySet=cert.getNonCriticalExtensionOIDs();
       dummySet=cert.getNonCriticalExtensionOIDs();
    I have no idea what the problem is.
    I hope that a bouncycastle supporter or anyone could help me or give some guidance, and I'd much appreciate that.

    Hi tkfi
    your problem is you're not using the CA public key to do the verification; replace
    cert.verify(pubkey);
    with
    cert.verify(capubkey);
    and it should work

  • Apache plugin for Weblogic not forwarding entire X509 certificate chain

    I really hope there's someone out there that can help with this. I've spent all week trying various things to make this work.
    SUMMARY
    It doesn't appear that the Weblogic plugin (mod_wl_20.so) for Apache (2.0.49) sends the entire X509 certificate chain sent from a client to Weblogic (9.2).
    DESCRIPTION
    We have Apache set up to accept client certificates over SSL. This authentication process is successful. When viewing the weblogic plugin log, I can see the headers that are being sent to weblogic:
    Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Content-Type]=[text/xml; charset=utf-8]
    Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Accept]=[application/soap+xml, application/dime, multipart/related, text/*]
    Thu Aug 9 11:34:20 2007 Hdrs from clnt:[User-Agent]=[Axis/1.2.1]
    Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Host]=[denwlsd1:4044]
    Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Cache-Control]=[no-cache]
    Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Pragma]=[no-cache]
    Thu Aug 9 11:34:20 2007 Hdrs from clnt:[SOAPAction]=[""]
    Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Content-Length]=[1096]
    Thu Aug 9 11:34:20 2007 URL::sendHeaders(): meth='POST' file='/ddm/services/CDAService' protocol='HTTP/1.0'
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Content-Type]=[text/xml; charset=utf-8]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Accept]=[application/soap+xml, application/dime, multipart/related, text/*]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[User-Agent]=[Axis/1.2.1]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Host]=[denwlsd1:4044]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Cache-Control]=[no-cache]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Pragma]=[no-cache]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[SOAPAction]=[""]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Content-Length]=[1096]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Connection]=[Keep-Alive]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[WL-Proxy-SSL]=[true]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[WL-Proxy-Client-Cert]=[(base64 certificate data omitted)]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[WL-Proxy-Client-Keysize]=[128]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[WL-Proxy-Client-Secretkeysize]=[128]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[WL-Proxy-Client-IP]=[169.143.117.159]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Proxy-Client-IP]=[169.143.117.159]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[X-Forwarded-For]=[169.143.117.159]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
    Thu Aug 9 11:34:20 2007 Hdrs to WLS:[X-WebLogic-Request-ClusterInfo]=[true]
    Thu Aug 9 11:34:20 2007 URL::parseHeaders: StatusLine set to [200 OK]
    Thu Aug 9 11:34:20 2007 Hdrs from WLS:[Cache-Control]=[no-cache="set-cookie"]
    Thu Aug 9 11:34:20 2007 Hdrs from WLS:[Connection]=[close]
    Thu Aug 9 11:34:20 2007 Hdrs from WLS:[Date]=[Thu, 09 Aug 2007 17:34:20 GMT]
    Thu Aug 9 11:34:20 2007 Hdrs from WLS:[Content-Type]=[text/xml; charset=utf-8]
    Thu Aug 9 11:34:20 2007 Hdrs from WLS:[X-WebLogic-Cluster-List]=[-74568267!DENWLSD1!7711!7712]
    Thu Aug 9 11:34:20 2007 Hdrs from WLS:[Set-Cookie]=[JSESSIONID=5DW3G7Qc7J4cj8lxmyB2TvWVLyNZsc1BvWSrNlD7WpHlhXh1pLkJ!-74568267!NONE; path=/]
    Thu Aug 9 11:34:20 2007 Hdrs from WLS:[X-Powered-By]=[Servlet/2.4 JSP/2.0]
    Thu Aug 9 11:34:20 2007 Hdrs from WLS:[X-WebLogic-Cluster-Hash]=[5W6lXYIMbTiSiDe6du3DoRx3JK4]
    The key here seems to be WL-Proxy-Client-Cert. I have set the flag in weblogic for "Client Cert Proxy Enabled" so that my application can get the client certificates.
    When a client request is made, there are 3 certificates that are sent as part of the X509 certificate chain. But when I retrieve this chain via:
    X509Certificate [] clientCertificateChain = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
    The length of this array is only 1! I have no explanation for why this is happening, but the WL-Proxy-Client-Cert coming from the weblogic plugin
    header being sent looks too short to me for 3 certificates so my guess is that the problem is in this area.
    Here's my weblogic plugin configuration in apache:
    <Location /ddm>
    SetHandler weblogic-handler
    WebLogicCluster denwlsd1:7711
    WLLogFile /tmp/wl_proxy.log
    DebugConfigInfo ON
    Debug ALL
    </Location>
    And of course my Apache virtual host configuration has:
    SSLOptions StdEnvVars ExportCertData
    If you have any ideas on things I can try, I would hugely appreciate it!!!
    Edited by wrast at 08/09/2007 11:14 AM
    Edited by wrast at 08/10/2007 7:51 AM

    try to reinstall...
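To test the question's guess that the WL-Proxy-Client-Cert value is too short for three certificates, the value can be decoded and its top-level DER elements counted. This is an added example, not part of the original thread: it assumes the header carries base64-encoded DER certificates back to back, the sample values are constructed stand-ins, and the function names are hypothetical.

```python
import base64

def top_level_der_sizes(blob):
    """Return the total size (header + body) of each top-level DER SEQUENCE in blob."""
    sizes, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError(f"truncated DER header at offset {pos}")
        tag, first = blob[pos], blob[pos + 1]
        if tag != 0x30:  # an X.509 certificate is always an outer SEQUENCE
            raise ValueError(f"unexpected tag 0x{tag:02x} at offset {pos}")
        if first < 0x80:  # short form: the byte is the length
            hdr, length = 2, first
        else:  # long form: low 7 bits say how many length bytes follow
            n = first & 0x7F
            if n == 0 or pos + 2 + n > len(blob):
                raise ValueError(f"bad DER length at offset {pos}")
            hdr, length = 2 + n, int.from_bytes(blob[pos + 2:pos + 2 + n], "big")
        if pos + hdr + length > len(blob):
            raise ValueError(f"element at offset {pos} runs past the end of the data")
        sizes.append(hdr + length)
        pos += hdr + length
    return sizes

def certs_in_header(value):
    """Decode a header value copied from the proxy log and size each certificate in it."""
    b64 = "".join(value.split())          # the log wraps the value across lines
    b64 += "=" * (-len(b64) % 4)          # tolerate padding lost in copy/paste
    return top_level_der_sizes(base64.b64decode(b64))

def _fake_cert(body_len):
    # Constructed stand-in: outer SEQUENCE with a 2-byte long-form length, not a real certificate
    return b"\x30\x82" + body_len.to_bytes(2, "big") + b"\x00" * body_len

LEAF_ONLY = base64.b64encode(_fake_cert(700)).decode()
FULL_CHAIN = base64.b64encode(_fake_cert(700) + _fake_cert(900) + _fake_cert(1000)).decode()

if __name__ == "__main__":
    for name, value in (("leaf only", LEAF_ONLY), ("three-cert chain", FULL_CHAIN)):
        sizes = certs_in_header(value)
        print(f"{name}: {len(sizes)} certificate(s), DER sizes {sizes}, {len(value)} base64 chars")
```

A result with a single entry means only one certificate reached WebLogic in that header, which would be consistent with the array of length 1 seen in the servlet.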

  • Mail does not allow signed message with .Mac certificate

    Hi all,
    until a few weeks ago, I was able to send signed or encrypted messages with my .Mac account and .Mac certificate. Both of them are still valid, and I can still read all messages I sent as encrypted and/or signed, however, Mail does not show the two buttons to crypt and/or sign emails. The certificate seems to work to encrypt iChat dialogs as well.
    I repaired my Keychain, looked at how certificates were configured, everything seems normal to me.
    Any clue?

    Well, it seems that we've come across something finally.
    In comparing notes, my friend (who is currently able to sign and encrypt messages) and I were comparing notes on our respective certificates. In doing so, he pointed out that he'd noticed a difference in the PURPOSE of my cert versus his cert.
    His cert shows the following purposes:
    1 - Client Authentication
    2 - Email Protection
    3 - Apple .Mac Identity
    4 - Apple iChat Signing
    5 - Apple iChat Encryption
    Whereas mine only shows these purposes:
    1 - Client Authentication
    2 - Apple iChat Signing
    3 - Apple iChat Encryption
    Another thing I noticed while comparing his cert to mine after he pointed this out...his cert is due to expire at the end of October. Mine, on the other hand, was created this past Friday.
    Now, from what I understand, these certs expire one year from date of issue, unless they are revoked earlier. So, I suppose the big question to everyone else out there that is having trouble with using their .Mac issued certificates is "When did yours get renewed?".
    I'm suspecting at this point that somewhere around the end of June the certificates issued by Apple for iChat signing suddenly stopped having the "Purpose" of mail protection. It would also seem that they suddenly stopped having the purpose of .Mac Identity.
    Now I'm curious why Apple would do this, make it actually relatively easy to create a cert that could be used for iChat and Mail encryption, then suddenly take it away. Is this actually what has happened here?
    I'd be really interested in seeing what the renewal dates are and the corresponding "Purposes" are for many of the folks that are reporting trouble with this very issue.
    If you are one of those people who had mail encryption working using your .mac certificate, and it suddenly stopped working...feel free to post your cert information here.
    To get the ball rolling, here's the information from mine...
    Issued By:
    - Apple .Mac Certificate Authority
    Expires:
    - September 14, 2007
    Purposes:
    - Client Authentication
    - Apple iChat Signing
    - Apple iChat Encryption
    G4 800 (Quicksilver) / Powerbook 1.5 GHz   Mac OS X (10.4.7)  

Maybe you are looking for